Strix
26.1K

CVE-2015-2851

UnknownEPSS 0.75%

Last modified

CVE-2015-2851 is a vulnerability of currently unknown severity. client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.. EPSS estimates a 0.75% chance of exploitation in the next 30 days.

Description

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

Metrics

EPSS Probability
0.75%

50.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SynologyCloud Station1.1-2291
SynologyCloud Station2.0-2291
SynologyCloud Station2.0-2402
SynologyCloud Station2.1-2561
SynologyCloud Station2.1-2570
SynologyCloud Station2.1-2577
SynologyCloud Station3.0-3005
SynologyCloud Station3.0-3103
SynologyCloud Station3.0-3108
SynologyCloud Station3.0-3109
SynologyCloud Station3.0-3111
SynologyCloud Station3.1-3317
SynologyCloud Station3.1-3320

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-2851?
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
How severe is CVE-2015-2851?
Severity scoring for CVE-2015-2851 is pending analysis. The EPSS model estimates a 0.75% probability of exploitation in the next 30 days.
How do I fix CVE-2015-2851?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-2851?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST